4Images 1.8 Cross Site Scripting

Exploit Title: 4Images 1.8 - 'redirect' Reflected XSS Exploit Author: Piyush Patil Vendor Homepage: https://www.4homepages.de/ Software Link: https://www.4homepages.de/?download=4images1.8.zip&code=81da0c7b5208e172ea83d879634f51d6 Version: 4Images Gallery 1.8 Tested on: Windows 10 and Kali CVE :...

Nextcloud: Remote Code Execution via Extract App Plugin

Hi, I found a critical issue in the Add-on "Extract" listed in the Nextcloud Marketplace: https://apps.nextcloud.com/apps/extract This extension can be installed directly from Nextcloud Application The vulnerability was found in file: extract/lib/Controller/ExtractionController.php line 102. The...

Weblate: Information Disclosure on demo.weblate.org

Description The demo instance, located on https://demo.weblate.org is leaking user's IP-adresses in the Activity log. F185728 Impact The authenticated user can disclose valid IP adresses of other users through Activity log. The feature works as it should so no changes should be made on the GitHub...